The Swedish Authority for Privacy Protection has fined Spotify 58 million kronor ($5.4 million) for not properly informing users on how data it collected on them was being used.
The music streaming company said it planned to appeal against the decision.
The Swedish Authority for Privacy Protection's (IMY) on Tuesday said that it had reviewed “how Spotify handles customers' right of access to their personal data."
“As a result of the shortcomings identified, IMY is imposing a fine of 58 million kronor on the company," the Swedish authority said.
Under the rules of the European data protection act GDPR, users have a right to know what data a company has about an individual and how that data is being used.
“Since the information provided by Spotify has been unclear, it has been difficult for individuals to understand how their personal data is processed and to check whether the processing of their personal data is lawful," the Swedish authority said.
IMY also said that the “shortcomings discovered are considered, overall, to be of low severity," motivating the size of the fine by Spotify's user count and revenue.
Last week, Spotify said it is in talks to make the popular podcasts Armchair Expert and Anything Goes available on other streaming platforms.
“We’ve experimented with windowing shows for several years and found success," the company said last week.
“This experimentation around wide and windowing content will continue as we endeavor to be the best partner with the world’s leading podcasters."
On June 5, Spotify said it is cutting about 200 jobs, or 2% of its workforce.
In January, Spotify announced that it was cutting 6% of its global workforce, or about 600 jobs.
(With inputs from agencies)